38 matches found
CVE-2023-25014
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users...
CVE-2023-25013
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users...
EUVD-2023-0614
Malicious code in bioql PyPI...
EUVD-2023-0740
Malicious code in bioql PyPI...
EUVD-2025-16028
Malicious code in bioql PyPI...
CVE-2025-7900
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
GHSA-RC5F-3HFV-JXP2 Femanager extension for TYPO3 allows Insecure Direct Object Reference
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
CVE-2025-7900 Insecure Direct Object Reference in extension "femanager" (femanager)
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0...
CVE-2025-7900
CVE-2025-7900 — The femanager extension for TYPO3 contains an Insecure Direct Object Reference that allows unauthorized modification of userdata. Affected versions: 6.4.1 and below; 7.0.0–7.5.2; 8.0.0–8.3.0. Root cause: IDOR in user data handling. Impact: unauthorized modification of userdata. Re...
CVE-2025-48202
The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference...
CVE-2025-48202
The CVE-2025-48202 entry applies to the TYPO3 femanager extension (versions up to 8.2.1). The vulnerability is an Insecure Direct Object Reference (IDOR) in the newAction of the newController, allowing attackers to view frontend user data via a user parameter. Root cause is unsafe direct object r...
PT-2025-22371
Name of the Vulnerable Software and Affected Versions: femanager extension versions prior to 8.2.2. Description: The issue allows attackers to view frontend user data. This is achieved through an Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension, where attackers can exploit a us...
TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-006...
PT-2023-31564 · Typo3 · Femanager Extension For Typo3
Name of the Vulnerable Software and Affected Versions: femanager Extension for TYPO3 (affected versions not specified). Description: A security bypass issue has been identified in the femanager Extension for TYPO3. Recommendations: At the moment, there is no information about a newer version that...
GHSA-4XP5-HR35-84CX Broken Access Control in extension "femanager"
The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts. Another missing access check in the backend module of the extensions...
Broken Access Control in extension "femanager"
The extension fails to check access permissions for the edit user component. An authenticated frontend user can use the vulnerability to either edit data of various frontend users or to delete various frontend user accounts. Another missing access check in the backend module of the extensions...
CVE-2022-44543
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...